What is the potential issue with the SELECT query in the provided PHP code?

The potential issue with the SELECT query in the provided PHP code is that it is vulnerable to SQL injection attacks. To prevent this, you should use prepared statements with parameterized queries. This will sanitize user input and prevent malicious SQL code from being executed.

// Fix for the SELECT query using prepared statements
$connection = new mysqli(&quot;localhost&quot;, &quot;username&quot;, &quot;password&quot;, &quot;database&quot;);

// Check connection
if ($connection-&gt;connect_error) {
    die(&quot;Connection failed: &quot; . $connection-&gt;connect_error);
}

// Prepare and bind the SELECT query
$stmt = $connection-&gt;prepare(&quot;SELECT id, name FROM users WHERE username = ?&quot;);
$stmt-&gt;bind_param(&quot;s&quot;, $username);

// Set parameters and execute
$username = $_POST[&#039;username&#039;];
$stmt-&gt;execute();

// Bind result variables
$stmt-&gt;bind_result($id, $name);

// Fetch results
while ($stmt-&gt;fetch()) {
    echo &quot;ID: &quot; . $id . &quot; Name: &quot; . $name . &quot;&lt;br&gt;&quot;;
}

$stmt-&gt;close();
$connection-&gt;close();

Keywords

SQL injection prepared statements mysqli bind_param vulnerability

What is the potential issue with the SELECT query in the provided PHP code?

Keywords

Related Questions